Total: 9 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-33676 | 1 Sap | 1 Customer Relationship Management | 2021-07-16 | 6.5 MEDIUM | 7.2 HIGH |
A missing authority check in SAP CRM, versions - 700, 701, 702, 712, 713, 714, could be leveraged by an attacker with high privileges to compromise confidentiality, integrity, or availability of the system. | |||||
CVE-2017-15294 | 1 Sap | 1 Customer Relationship Management | 2019-04-17 | 4.3 MEDIUM | 6.1 MEDIUM |
The Java administration console in SAP CRM has XSS. This is SAP Security Note 2478964. | |||||
CVE-2013-7095 | 1 Sap | 1 Customer Relationship Management | 2018-12-10 | 10.0 HIGH | N/A |
The XML parser (crm_flex_data) in SAP Customer Relationship Management (CRM) 7.02 EHP 2 has unknown impact and attack vectors related to an XML External Entity (XXE) issue. | |||||
CVE-2014-1962 | 1 Sap | 1 Customer Relationship Management | 2018-12-10 | 5.0 MEDIUM | N/A |
Gwsync in SAP CRM 7.02 EHP 2 allows remote attackers to obtain sensitive information via unspecified vectors, related to an XML External Entity (XXE) issue. | |||||
CVE-2017-15296 | 1 Sap | 1 Customer Relationship Management | 2018-12-10 | 6.8 MEDIUM | 8.8 HIGH |
The Java component in SAP CRM has CSRF. This is SAP Security Note 2478964. | |||||
CVE-2018-2380 | 1 Sap | 1 Customer Relationship Management | 2018-03-23 | 6.5 MEDIUM | 6.6 MEDIUM |
SAP CRM, 7.01, 7.02, 7.30, 7.31, 7.33, 7.54, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file APIs. | |||||
CVE-2015-3979 | 1 Sap | 1 Customer Relationship Management | 2017-01-02 | 7.5 HIGH | N/A |
Unspecified vulnerability in the Business Rules Framework (CRM-BF-BRF) in SAP CRM allows attackers to execute arbitrary code via unknown vectors, aka SAP Security Note 2097534. | |||||
CVE-2015-3980 | 1 Sap | 1 Customer Relationship Management | 2017-01-02 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Business Rules Framework (CRM-BF-BRF) in SAP CRM allows attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2097534. | |||||
CVE-2014-8669 | 1 Sap | 1 Customer Relationship Management | 2014-11-06 | 10.0 HIGH | N/A |
The SAP Promotion Guidelines (CRM-MKT-MPL-TPM-PPG) module for SAP CRM allows remote attackers to execute arbitrary code via unspecified vectors. | |||||